# Configuring DynamoDB workspace data connections

During workspace creation, under **Connection Type**, click **DynamoDB**.

## Connecting to the source database

For the source database, you can use either:

* A local DynamoDB instance. If you use a local instance, it must be publicly accessible.
* The cloud instance.

### **Connecting to a local instance**

To connect to a local instance:

1. Toggle **Use Local DynamoDB Instance** to the on position.
2. In the **Server** field, provide the path to the server that hosts DynamoDB.
3. In the **Port** field, specify the port to use to connect to DynamoDB.
4. To test the connection to the source database, click **Test Source Connection**.

### **Connecting to the cloud instance**

When you connect to the cloud instance, Structural prompts you to provide the access credentials.

You can either provide the credentials, or use an assumed role.

On a self-hosted instance, if you do not provide credentials in the workspace configuration, then Structural uses either:

* The credentials for the IAM role on the host machine.
* The credentials set in the following [environment settings](https://docs.tonic.ai/app/admin/environment-variables-setting):
  * `TONIC_AWS_ACCESS_KEY_ID` - An AWS access key that is associated with an IAM user or role.
  * `TONIC_AWS_SECRET_ACCESS_KEY` - The secret key that is associated with the access key.
  * `TONIC_AWS_REGION` - The AWS Region to send the authentication request to.

To connect to the cloud instance:

1. Toggle **Use Local DynamoDB Instance** to the off position.
2. To use an assumed role:
   1. Click **Assume Role**.
   2. In the **Role ARN** field, provide the Amazon Resource Name (ARN) for the role.
   3. In the **Session Name** field, provide the role session name.\
      \
      If you do not provide a session name, then Structural automatically generates a default unique value. The generated value begins with `TonicStructural`.
   4. In the **Duration (in seconds)** field, provide the maximum length in seconds of the session. \
      \
      The default is `3600`, indicating that the session can be active for up to 1 hour.\
      \
      The provided value must be less than the maximum session duration that is allowed for the role.
3. To provide user credentials:
   1. Click **User Credentials**.
   2. In the **AWS Access Key** field, enter the AWS access key that is associated with an IAM user or role.
   3. In the **AWS Secret Key** field, enter the secret key that is associated with the access key.
   4. In the **AWS Session Token** field, you can optionally provide a session token for a temporary set of credentials.
   5. From the **AWS Region** dropdown list, select the AWS Region to send the authentication request to.
4. To test the connection to the source database, click **Test Source Connection**.

## Connecting to the destination database

For the destination database, you can use either:

* A local DynamoDB instance. If you use a local instance, it must be publicly accessible.
* The cloud instance.

The destination database:

* Cannot be on the same local instance as the source database.
* Cannot be tied to the same AWS account as the source database.

### **Connecting to a local instance**

To connect to a local instance:

1. Toggle **Use Local DynamoDB Instance** to the on position.
2. In the **Server** field, provide the path to the server that hosts DynamoDB.
3. In the **Port** field, specify the port to use to connect to DynamoDB.
4. To test the connection to the source database, click **Test Source Connection**.

### **Connecting to a cloud instance**

When you connect to the cloud instance, Structural prompts you to provide the access credentials.

You can either provide the credentials, or use an assumed role.

On a self-hosted instance, if you do not provide credentials in the workspace configuration, then Structural uses either:

* The credentials for the IAM role on the host machine.
* The credentials set in the following [environment settings](https://docs.tonic.ai/app/admin/environment-variables-setting):
  * `TONIC_AWS_ACCESS_KEY_ID` - An AWS access key that is associated with an IAM user or role.
  * `TONIC_AWS_SECRET_ACCESS_KEY` - The secret key that is associated with the access key.
  * `TONIC_AWS_REGION` - The AWS Region to send the authentication request to.

To connect to a cloud instance:

1. Toggle **Use Local DynamoDB Instance** to the off position.
2. To use an assumed role:
   1. Click **Assume Role**.
   2. In the **Role ARN** field, provide the Amazon Resource Name (ARN) for the role.
   3. In the **Session Name** field, provide the role session name.\
      \
      If you do not provide a session name, then Structural automatically generates a default unique value. The generated value begins with `TonicStructural`.
   4. In the **Duration (in seconds)** field, provide the maximum length in seconds of the session. \
      \
      The default is `3600`, indicating that the session can be active for up to 1 hour.\
      \
      The provided value must be less than the maximum session duration that is allowed for the role.
3. To provide user credentials:
   1. Click **User Credentials**.
   2. In the **AWS Access Key** field, enter the AWS access key that is associated with an IAM user or role.
   3. In the **AWS Secret Key** field, enter the secret key that is associated with the access key.
   4. In the **AWS Session Token** field, you can optionally provide a session token for a temporary set of credentials.
   5. From the **AWS Region** dropdown list, select the AWS Region to send the authentication request to.
4. To test the connection to the source database, click **Test Destination Connection**.